
5/08/2012

[Warning] Malicious file about portrait infringement


1. Information

Since 04 May 2012, the INCA Internet response team has been detecting a malicious file that is disguised as a photo (portrait) file. Reports about this file appeared on the internet in April, and it is now also being found in Korea. The malicious file has a number of variants, and we have added detection patterns for them to nProtect Anti-Virus. An e-mail attachment that contains an EXE file inside a ZIP archive is very likely to be malicious.



2. Real cases

[Sophos]
IMG0893.zip - Your photo all over Facebook? Naked? Malware campaign spammed out

[nProtect Response Team Official Blog]
[Caution] Malicious e-mail about BBB(Better Business Bureau)

The following images show the e-mails carrying the various malicious files. The subject line is "FW:Why did you put this photo online?" (it suggests a portrait-rights infringement).

To Korea, May 4, 2012


To Germany, May 8, 2012


To Korea again, May 8, 2012


The ZIP attachment is disguised as an image file, but it actually contains an executable file.


The user is infected once the ZIP file is extracted and the executable inside it is run.
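The check a mail gateway or incident responder would apply to such an attachment, as an added example that is not part of the original post: it opens a ZIP archive and flags members that carry an executable extension, a double extension that looks like an image, or a PE ("MZ") header regardless of name. The sample archive and its contents are constructed here; the "MZ" stub is not a real program.

```python
import io
import zipfile

# Extensions Windows will run directly; a "photo" archive should never contain them.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}
IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".bmp"}


def suspicious_members(zip_bytes: bytes) -> list:
    """Return ZIP members that are executables or masquerade as images.

    Each finding is {"name": member name, "reasons": [why it was flagged]}.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            base = info.filename.lower().rsplit("/", 1)[-1]
            exts = ["." + p for p in base.split(".")[1:]]  # all extensions, in order
            head = zf.open(info).read(2)  # first two bytes of the member
            reasons = []
            if exts and exts[-1] in EXECUTABLE_EXTS:
                reasons.append("executable extension")
            if len(exts) >= 2 and exts[-2] in IMAGE_EXTS:
                reasons.append("double extension: image name hiding a program")
            if head == b"MZ":
                # A PE header inside a file named like a picture is decisive.
                reasons.append("PE header (MZ)")
            if reasons:
                findings.append({"name": info.filename, "reasons": reasons})
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample: an archive named like a photo, holding a fake PE
    with a double extension plus one harmless text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("IMG0893.jpg.exe", b"MZ" + b"\x00" * 62)  # stub, not malware
        zf.writestr("readme.txt", b"nothing to see here")
    return buf.getvalue()


if __name__ == "__main__":
    for f in suspicious_members(build_sample_zip()):
        print(f["name"], "->", ", ".join(f["reasons"]))
```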


After infection, a copy of the malicious file is created under the "All Users" path.


It also adds a value under the following registry key so that it runs at every boot.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SunJavaUpdateSched c:\documents and settings\all users\svchost.exe


This svchost.exe attempts TCP/IP access, but it does not connect to a specific host.

3. Summary

Spreading malicious files through social engineering is a long-standing technique. To use your PC safely despite the threat of such malicious attachments, we recommend installing the latest security updates and following the "Security management tips" for general users below.

Security management tips

1. Keep the OS and applications up to date with the latest security updates.
2. Use anti-virus software from a trustworthy security company, keep its engine updated, and keep real-time detection enabled.
3. Do not open or download attachments from suspicious e-mails.
4. Be cautious with links received through instant messengers and social networking services.

INCA Internet (Security Response Center / Emergency Response Team) operates a response system against a wide range of security threats.
